With enough determination, hackers could compromise just about any online dating or hookup service the way they targeted Canadian adultery website AshleyMadison. com, a cybersecurity expert says.

“These things are very doable,” says Brian Bourne, co-founder of the Canadian information technology security conference SecTor. “I’m never surprised. Sometimes I’m surprised by how long it takes.”

On Sunday, the blog Krebs-OnSecurity reported that a group of hackers calling themselves The Impact Team had gained access to the site’s data on users, threatening to post names, nude photos and credit card information unless Ashley Madison and affiliated site Established Men were shut down. In a series of statements released Monday, Ashley Madison’s Torontobased parent company Avid Life Media confirmed its systems had been breached, saying it had removed any information that may have identified users published online.

This is the second time in two months a prominent online dating site has been compromised. In May, hackers leaked information about users of the hookup site Adult Friend Finder, including their email addresses.

The married people seeking affairs on Ashley Madison may be more interested in discretion than the average online dater, but the hack exposes a vulnerability in the growing industry – even users of services like Tinder would not be happy about their flirty messages and racy photos being made available to their bosses and mothers – and threatens an increasingly hot sector for IPOs.

According to a report from Pew Research in 2013, 11 per cent of adult Internet users have tried online dating, trusting apps and websites with their photos and intimate personal information. These users now make up three-quarters of the $2.4 billion US dating services industry, which has grown at a rate of five per cent per year since 2010.

Ashley Madison and Match Group, the subsidiary of IAC/InterActiveCorp that owns popular dating sites such as Tinder, OK Cupid and recently bought Plenty of Fish for $575 million, are both planning initial public offerings.

Mark Brooks, principal consultant at the online dating industry advisory firm Courtland Brooks, says he would now be surprised if Avid Life goes ahead with its IPO on schedule. In April, the company said it intends to raise up to $200 US million on the London Stock Exchange, but has yet to file a prospectus.

“Their IPO is definitely going to be affected. … I can’t imagine they’ll proceed with it. They’re not going to achieve full market valuation.”

Brooks says he’s hopeful the hack will have little effect Match Group’s IPO, however. Match’s portfolio of online dating services is much tamer and more conventional.

“I see no reason why it would affect the Match Group,” he says, “Privacy is very important to Internet dating companies in general, but it’s 1,000 times more important to the likes of Ashley Madison and the other companies in what I call that philanderer niche.”

Still, the infiltration of Ashley Madison revealed not only a weakness in protecting active users but those who had taken their accounts offline – hackers said Avid Life had accepted fees from users who wanted their accounts fully deleted, but kept the data without their knowledge.

In a statement, the company denied the charge, referring to the hack as an “act of cyberterrorism” and saying it was making the full-delete option available to all users. But Bourne says scrubbing a system of every single trace of a user is very hard to do.

“What about backups? What about finance systems that have audit controls, so you can’t just go change things? What about the backups of those?” he says. “In practice, it’s extremely difficult if not impossible.”

Sarah Turk, an analyst for IBISWorld, says she doesn’t think any of this will scare consumers away from online dating sites. But it could spur them to push for greater transparency about how they keep customers’ data safe.

“In the future, it’s likely that online dating websites will disclose their encryption services? as well as their process for deleting user data if members delete their account.”

This Week's Flyers

Comments

We encourage all readers to share their views on our articles and blog posts. We are committed to maintaining a lively but civil forum for discussion, so we ask you to avoid personal attacks, and please keep your comments relevant and respectful. If you encounter a comment that is abusive, click the "X" in the upper right corner of the comment box to report spam or abuse. We are using Facebook commenting. Visit our FAQ page for more information.